Network Extension to intercept network calls

Hi, for a small project I need to "intercept" all the network calls from any app on iOS (on devices of selected and consenting users). Since netstats does not work anymore on iOS 10, is there a way to do something similar with network extensions? Documentation is so poor on this relatively new topic. I have seen that, probably, something could be done by using the NEAppProxyProvider class. Am I wrong? If not, could someone provide some further explanation on how to use these NE features?

Replies

I need to "intercept" all the network calls from any app on iOS (on devices of selected and consenting users).

Do you want to just see the traffic? Or modify it?

Do you need to know which app the traffic is coming from?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I just need to know, for each request, which app has made it, I don't need to modify it nor to do other operations on the requests.

Hi, do you have any (good or bad) news?

I really need an answer to this question, even a "no, you can't use network extensions to realize such an intrusive thing".

Thanks

Hi, do you have any (good or bad) news?

Sorry, I didn’t see your earlier follow-up.

I just need to know, for each request, which app has made it, I don't need to modify it nor to do other operations on the requests.

The Network Extension infrastructure isn’t really set up for this. The closest match is the filter provider, but that has some serious limits:

  • it only works on supervised devices

  • it does not provide information about the requesting app

  • it takes extraordinary measures to prevent data from the requests escaping the provider

The app proxy providers (and packet tunnel providers in app proxy mode) are not really designed for this sort of monitoring; the architecture assumes that you have a server that your provider is tunnelling data through. Also, be aware that these per-app VPN mechanisms assume you’re running managed apps on a managed device.

Oh, btw, your posts so far have talked about “requests”. Does that indicate that you’re interested only in HTTP[S]? Or are you looking for all network traffic (both TCP connections and UDP traffic)?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Actually I needed not only HTTP(S) traffic. But if there were a way for that kind of request it would be a good starting point for our needs.